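I had never properly and systematically studied Java code auditing, so I am using some recent free time to study it, along with some notes on environment configuration.
Local environment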
- IntelliJ IDEA
- Maven
- Tomcat
webapp
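Build the webapp with Maven
In Project Structure, set the Sources folder
Modify Facets
Modify Configuration, add Tomcat, and add a Deployment
Configure Tomcat
Start the service; it runs normally.
The following builds an environment using S2-001 as the example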
S2-001
Local build
Download the Struts2 jar packages from http://archive.apache.org/dist/struts/binaries/struts-2.0.1-all.zip
Create a lib folder in /src/main/webapp/WEB-INF/ and add the relevant jar packages
Import the configuration
Add the struts2 dependency to pom.xml
<dependency>
    <groupId>org.apache.struts</groupId>
    <artifactId>struts2-core</artifactId>
    <version>2.0.8</version>
</dependency>
Create struts.xml under the src directory
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
    "http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
    <package name="S2-001" extends="struts-default">
        <action name="login" class="com.demo.action.LoginAction">
            <result name="success">welcome.jsp</result>
            <result name="error">index.jsp</result>
        </action>
    </package>
</struts>
Modify web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         id="WebApp_ID" version="3.1">
    <display-name>S2-001 Example</display-name>
    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
</web-app>
Modify index.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib prefix="s" uri="/struts-tags" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>S2-001</title>
</head>
<body>
    <h2>S2-001</h2>
    <s:form action="login">
        <s:textfield name="username" label="username" />
        <s:textfield name="password" label="password" />
        <s:submit></s:submit>
    </s:form>
</body>
</html>
Add welcome.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib prefix="s" uri="/struts-tags" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>S2-001</title>
</head>
<body>
    <p>Hello <s:property value="username"></s:property></p>
</body>
</html>
Create com.demo.action in src
package com.demo.action;

import com.opensymphony.xwork2.ActionSupport;

public class LoginAction extends ActionSupport {
    // Populated by Struts from the request parameters of the login form.
    private String username = null;
    private String password = null;

    public String getUsername() {
        return this.username;
    }

    public String getPassword() {
        return this.password;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String execute() throws Exception {
        // A missing parameter leaves the field null; treat it like an empty one
        // instead of throwing a NullPointerException.
        if (this.username == null || this.password == null
                || this.username.isEmpty() || this.password.isEmpty()) {
            return "error";
        }
        if ((this.username.equalsIgnoreCase("admin"))
                && (this.password.equals("admin"))) {
            return "success";
        }
        // "error" maps back to index.jsp in struts.xml, which re-renders the form.
        return "error";
    }
}
Then just run it.
Project directory
Packaging the project
Create an archive, based on the exploded artifact just built
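The steps above both copy jars by hand into WEB-INF/lib and declare struts2-core 2.0.8 in pom.xml, so it is worth confirming which Struts jars actually ended up in the packaged WAR before deploying it. The following is an added example, not code from the original post: the function names and the sample WAR are constructed for illustration, and the affected range 2.0.0 to 2.0.8 is taken from the Apache S2-001 bulletin rather than from this page.

```python
import io
import re
import zipfile
from collections import defaultdict

# Struts versions affected by S2-001 per the Apache bulletin (inclusive bounds).
S2_001_RANGE = ((2, 0, 0), (2, 0, 8))
# Only jars with purely numeric versions are matched (e.g. struts2-core-2.0.8.jar).
JAR_RE = re.compile(r"^WEB-INF/lib/(struts2-core|xwork)-(\d+(?:\.\d+)*)\.jar$")


def parse_version(text):
    """'2.0.8' -> (2, 0, 8), padded to three components for comparison."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def audit_war(war):
    """Return {artifact: sorted versions} for Struts/XWork jars bundled in a WAR.

    `war` is a path or file-like object; only the zip directory is read.
    """
    found = defaultdict(set)
    with zipfile.ZipFile(war) as zf:
        for name in zf.namelist():
            m = JAR_RE.match(name)
            if m:
                found[m.group(1)].add(parse_version(m.group(2)))
    return {k: sorted(v) for k, v in found.items()}


def report(inventory):
    """Summarise duplicate struts2-core jars and which fall in the S2-001 range."""
    core = inventory.get("struts2-core", [])
    return {
        "duplicate_core": len(core) > 1,
        "in_s2_001_range": [v for v in core
                            if S2_001_RANGE[0] <= v <= S2_001_RANGE[1]],
    }


def build_sample_war():
    """Constructed sample: a WAR holding both a hand-copied and a Maven jar."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for jar in ("struts2-core-2.0.1.jar", "struts2-core-2.0.8.jar",
                    "xwork-2.0.3.jar", "commons-logging-1.0.4.jar"):
            zf.writestr("WEB-INF/lib/" + jar, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(report(audit_war(build_sample_war())))
```

Pass the path of the real archive, for example `audit_war("S2-001.war")`, to check the build; two struts2-core versions in the result mean the class loader, not the pom, decides which one runs.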
Environment setup
The deployment below targets CTFd, that is, deployment on a Linux server
Place the packaged S2-001.war together with the following files
Dockerfile S2-001.war start.sh
Dockerfile
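FROM vulhub/tomcat:8.5
# Remove the default webapps and make the Tomcat scripts executable.
RUN rm -rf /usr/local/tomcat/webapps/* \
    && chmod a+x /usr/local/tomcat/bin/*.sh
# Deploy the WAR as the root application.
COPY S2-001.war /usr/local/tomcat/webapps/ROOT.war
COPY start.sh /start.sh
# Ensure the startup script is executable regardless of its mode on the build host.
RUN chmod a+x /start.sh
EXPOSE 8080
CMD ["/start.sh"]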
start.sh
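#!/bin/bash
# Write the flag passed in through the FLAG environment variable to /flag,
# then overwrite the variable so the real value does not stay in the environment.
echo "$FLAG" > /flag
export FLAG=not_flag
FLAG=not_flag
# Remove this script from the container filesystem once it is running.
rm -f /start.sh
# Run Tomcat in the foreground; this call blocks until Tomcat exits.
/usr/local/tomcat/bin/catalina.sh run
# Reached only if Tomcat exits: keep the container alive.
while true
do
    sleep 3600
    echo "restart ...."
done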
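Final packaged image: ephemerally/s2-001
It can be downloaded and used directly with docker pull ephemerally/s2-001:latest
PS: I have run into cases where the container fails to start properly; this may be because the memory allocated to the Docker container is insufficient.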